nasa-pds / devops
Parent repo for PDS DevOps activities
License: Apache License 2.0
For example, these repositories:
https://github.com/NASA-PDS/registry-harvest-service/blob/main/docker/Dockerfile
https://github.com/NASA-PDS/registry-crawler-service/blob/main/docker/Dockerfile
https://github.com/NASA-PDS/registry-harvest-cli/blob/main/docker/Dockerfile
I was thinking we could use an environment variable instead so that the CICD sets it automatically
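For example, the version could be a build argument with a default that the CICD overrides at build time. This sketch is illustrative only; the base image and download URL are assumptions, not the contents of the actual Dockerfiles:

```dockerfile
# Illustrative sketch: base image and URL shape are assumptions.
# The CICD injects the version instead of it being hardcoded here.
FROM openjdk:11-jre-slim
ARG VERSION=latest
# fetch the release matching the injected version (hypothetical URL)
ADD https://github.com/NASA-PDS/registry-harvest-service/releases/download/v${VERSION}/registry-harvest-service-${VERSION}-bin.tar.gz /tmp/
```

The CICD would then run docker build --build-arg VERSION=<tag>, so no Dockerfile edit would be needed at release time.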
For more information on how to populate this new feature request, see the PDS Wiki on User Story Development:
https://github.com/NASA-PDS/nasa-pds.github.io/wiki/Issue-Tracking#user-story-development
...so that I can update any of our PyPI packages.
See NASA-PDS/pds-api-client#2 (comment)
Given a completed update to a PDS Python repo
When I perform a deployment to PyPI
Then I expect to be able to successfully update the PyPI package with my PyPI account.
This should just be something simple we can add to a "Create a New Python Repo" guide. Maybe we just add this to the Python template README?
...so that I can easily test services and clients against those services
Given
When I perform
Then I expect
We want some generic tool / service identified and a process documented for continuous deployment of PDS EN services that are in development. This capability should be possible for services that may be deployed in either (or both) of:
Things to think about:
Update https://github.com/NASA-PDS/nasa-pds.github.io/wiki/Git-and-Github-Guide#creating-a-new-repo with the info necessary to enable DOIs for a particular repo when applicable.
Follow-on to #14
The database is an SQLite file stored at the root of the virtual environment (doi.db).
The following command initializes the database with PDS's DataCite DOIs:
pds-doi-init --service datacite --prefix ${PREFIX} --submitter ${SUBMITTER}
Here submitter is the email of the author of the operation, and prefix is one of 10.17189, 10.26007, or 10.2603 (to be confirmed with @jordanpadams which one is best in this case). We would get the DOIs from the DataCite test database anyway, to avoid sharing the production login/password on the staging area and risking their use to update the production DOIs.
...so that I can develop my product generation software in parallel with the development of the dictionary, seamlessly.
Two tasks are foreseen:
update LDD-CORRAL to handle the snapshot version of the LDD and publish it
integrate LDD-CORRAL (https://github.com/nasa-pds/operations/#ldd-corralpy) into the CICD framework so that stable and snapshot releases of the LDD are published:
Given
When I perform
Then I expect
First we were thinking we could use Jenkins for the CICD integration. By doing so we would build on what has already been developed for the CD in the integration and I&T environments.
Then I realized the final location of the deployment is going to be the web site hosted on AWS. So we might want to use the opportunity of this user story to start looking into continuous deployment on AWS. I have no idea what that would look like yet. This ticket would include the required analysis for doing that.
...so that I can have an area to run operations procedures in a non-production environment
See architecture diagram and parent Epic with related tickets for more details
Given
When I perform
Then I expect
The automatic image creation recently added to several repositories (registry-api, registry-loader, registry-harvest-service, registry-crawler-service, and registry-harvest-cli) seems to take into account only Dockerfile. However, some of the repositories use Dockerfile.local and other Dockerfiles. The automatic image creation should figure out which of these to use for stable and unstable workflows.
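One possible mechanism, assuming the images are built with docker/build-push-action (the actual workflow setup may differ): each repository's workflow names the Dockerfile it wants via the action's file input, so stable and unstable workflows can point at different files.

```yaml
# Sketch only; paths and the choice of action are assumptions, not the current setup.
- uses: docker/build-push-action@v3
  with:
    context: .
    file: docker/Dockerfile.local   # or docker/Dockerfile for the stable workflow
    push: true
```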
Follow-on to #3 design
...so that I can perform I&T on the services prior to release
See architecture diagram for more details.
Given
When I perform
Then I expect
...so that we don't have to manually build and publish the images.
consider the publication on AWS ECR for later
Given
When I perform
Then I expect
Yes - I've already checked
The docker images used in the registry pipeline are not updated.
I expected the latest images to be pulled every night.
Go to the Jenkins job: https://pds-jenkins.jpl.nasa.gov/job/Registry/
Currently the NASA-PDS group on Zenodo (what they call a "community") belongs to the GitHub user @nutjob4life, who is then responsible for listing newly-assigned DOIs in the group.
Zenodo says that "having multiple curators per community is an oft-requested feature" but is "currently not supported", and it recommends that "a single account that an organization has shared access to" be assigned the ownership role.
We have such an account: @pdsen-ci.
Please have it take over the NASA-PDS community on Zenodo.
@MJJoyce and @nutjob4life have been struggling over the last 2+ weeks with Python Versioneer, and we keep running into issues (from mysterious git hashes when there shouldn't be any, to inconsistent handling of annotated/non-annotated tags, to puzzling out the unseen magic that goes into determining a version, to developing one-too-many workarounds in the Roundup Action and pds-github-util just to accommodate Versioneer).
There are some issues endemic to Versioneer as well, including: on the main branch, using the hard-coded master branch to check for divergence. Other users are running into these as well; @collinss-jpl in particular, where the pds-doi-service has served as the poster case for all that can go wrong with Versioneer.
One famous maxim from Python development (import this) reads:
Explicit is better than implicit.
Versioneer has made things so implicit that we find ourselves at a loss to explain its behavior, and worse, to correct it. We feel we've surpassed the point of diminishing returns with Versioneer and now recommend its excision, with prejudice, from the PDS codebase. Here's something that, perhaps, Maven has done right: just put the version number in pom.xml explicitly, where people know how to find it!
This ticket will serve as an epic for the removal of Versioneer from the other repositories it has infected.
For components (e.g. built with mvn spring-boot:build-image): a specific docker image is created from the dev branch, and the latest docker images from the other components are used.
To move forward with that, I suggest:
Using the existing Terraform scripts in the repository:
...so that I can update / access any of our repositories and source code at any time.
We should make sure all of our repos have the following teams with access:
Additionally, I'm not sure doing this autonomously is worth the effort at this point. Let's just add this to the template repo READMEs or to a wiki page for creating a new repo and call it good.
Given a member of the @pds-software-committers team has an update to push to a PDS EN repo
When I perform a commit and push to a branch
Then I expect to successfully push to a branch on that repo
Given a member of the @pds-software-pmc or @pdsen-operations team has an update to push to a PDS EN repo
When I perform a commit and push to master on that repo
Then I expect to successfully push to master on that repo
For both on-prem and AWS services.
The objective is to be able to automatically deploy an up-to-date I&T platform where automated tests have been executed and their results published on TestRail.
...so that we can ensure the 99.99% uptime "requirement" we are striving for across all our systems
This goes beyond the systems monitoring the SAs have set up for our machines. That monitoring only ensures the services are up and running (e.g. Tomcat hasn't crashed), but we need some tool or service that makes sure the API actually returns data.
Given a registry ingestion fails and wipes out the database (or name your favorite service)
When I perform nothing
Then I expect to get a notification that something is wrong with the registry
We should think of this as some sort of generic "ping" software (or Github Action), that kicks all our services every so often to see if they are awake and functioning properly. At minimum, this should support the following services to start:
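A minimal sketch of such a ping (the endpoint URL, the 200-means-alive rule, and the notification mechanism are all assumptions; a real implementation would also verify the API returns actual data and would alert via email/Slack on failure):

```shell
#!/bin/sh
# Minimal health-check sketch. Assumes an HTTP 200 means "alive";
# a real check should also verify the API returns actual data.
check() {
  status=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1")
  if [ "$status" = "200" ]; then
    echo "OK $1"
  else
    echo "DOWN $1 (HTTP ${status:-unreachable})"
    return 1
  fi
}
# Illustrative target; the real list would cover registry, API, DOI service, etc.
# check "https://pds.nasa.gov/api/search/1/products?limit=1"
```

Run from cron (or a scheduled GitHub Action) every few minutes, wiring the non-zero exit status to a notification.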
...so that I can run clients against an API server without needing the expertise to set up an API server
The parent epic ticket as well as the deployment lifecycle diagram provide context and additional details.
Given
When I perform
Then I expect
Because the hosts provided by GitHub do not allow reliable execution of the GitHub Actions, we want to deploy and execute them on other premises (e.g. AWS).
Take into account the following components:
The priority is on the registry deployment.
Example of deployment strategy is blue/green.
Yes - I've already checked
EN team member
...so that I can report on the automatic testing.
Given the jenkins dev staging server and the testrail production service
When I go to the testrail run report https://cae-testrail.jpl.nasa.gov/testrail/index.php?/runs/overview/168
Then I expect to see nightly test reports for the suite PDS Registry API, automated tests (https://cae-testrail.jpl.nasa.gov/testrail/index.php?/suites/view/12824&group_by=cases:section_id&group_order=asc)
Follow the guidelines on https://medium.com/apis-with-valentine/how-to-integrate-testrail-with-postman-newman-api-tests-cc0380998d04
Use test suite in testrail https://cae-testrail.jpl.nasa.gov/testrail/index.php?/suites/view/12824 for API automated testing.
Use test with ID: C1274687
Add the reference in the postman test suite in the registry repository, see https://github.com/NASA-PDS/registry/tree/main/docker/postman
Update the newman configuration for the jenkins pipeline so that jenkins generates a nightly test report on test rail. That will be a single test for now, but we want that to be a starting point for the I&T team to get a full reporting on the postman tests in test rail.
Define the proper revision scheme related to the actual version of the components.
That could be using the version of the components or tags (latest, stable...)
Applies to the following repositories:
For registry:
For nucleus:
Validate that the tasks can be used on the AWS deployments (e.g. en-delta for registry).
Applies to the following repository:
For registry:
For nucleus:
Validate that the docker images work on the AWS deployment (e.g. on en-delta for registry). It is likely that the Dockerfile will require updates, since the one currently used for registry-api in the test environment (docker compose) and generated by the github action is different from the one used in AWS.
Per the JPL-PDS Open Source Policy:
Each major release of the software must have a persistent identifier such as a Digital Object Identifier (DOI).
Jobs should be triggered by changes on the github repositories
The DOI service should be on URL /api/doi/<version>, where version is currently 0.2, but we should have latest instead.
The registry API should be on /api/search/<version>, where version is currently 1.0, but we should have latest instead.
As part of our "lessons learned", having PDS repositories use the main branch of Roundup Action causes problems; namely, if a feature is implemented or a bug is fixed that introduces a new bug, every repository using main is affected.
Instead, when we have a point in the Roundup development that we consider stable, we tag it with stable. A workflow YAML file can say:
uses: NASA-PDS/roundup-action@stable
to say it prefers that tag of the action and not some other branch, especially not main.
The following repositories are still using the @main branch of the Roundup Action. These should be transitioned to use @stable:
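The tag move described above can be sketched as follows; it is demonstrated here in a throwaway repo, and on the real roundup-action repository only the last two commands would apply:

```shell
set -e
# Demonstration in a throwaway repo: 'stable' is a movable lightweight tag.
repo=$(mktemp -d) && cd "$repo"
git init -q
git -c user.name=demo -c user.email=demo@example.com commit -q --allow-empty -m "v1"
git tag stable                          # first stable point
git -c user.name=demo -c user.email=demo@example.com commit -q --allow-empty -m "v2"
git tag -f stable                       # move the tag to the new stable point
# git push --force origin stable        # (on the real repo) update the tag on GitHub
```

Repositories pinned to @stable then pick up the new code only when the tag is deliberately moved.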
...so that I can make sure the integration tests run and so that I update the integration tests to test the feature I am developing.
This will also ease the development process by automating the docker image generation and publication and having that done in github actions and pushed to docker hub from there, rather than doing that manually from a laptop.
Integration tests are tests which require the deployment of multiple components whose source code is distributed across different github repositories. We want to aggregate them in application repositories (e.g. registry) which contain the code to deploy the different components from docker images and run the integration tests.
I was thinking we could publish docker images with a suffix named after the branch, for example registry-api:1.2.0-SNAPSHOT.{name of the branch}
I don't know what would trigger the generation of the image and the deployment in an integration environment. Every commit/push sounds too often and not needed. In my previous job we were using a slack channel to command a robot which would deploy in the integration environment: deploy {env-name} {application} {branch}
I guess that could be managed in jenkins.
We can discuss the details more during one breakout meeting.
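The branch-suffixed tag idea above can be sketched as follows (the version value and the fallback branch name are placeholders, and the sanitization rule is an assumption):

```shell
# Hypothetical tag scheme: <version>-SNAPSHOT.<branch>; '/' in branch
# names is replaced so the result is a valid docker tag.
VERSION="1.2.0-SNAPSHOT"                 # placeholder; would come from the build
BRANCH="${GITHUB_REF_NAME:-feature/xyz}" # provided by the CI runner; demo default
TAG="${VERSION}.$(printf '%s' "$BRANCH" | tr '/' '-')"
echo "$TAG"
```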
Given
When I perform
Then I expect
Consider an update of the newly broken-up component; see NASA-PDS/pds-github-util#73
Ask SAs
...so that I can check if that works, so that I can add an application.
We need documentation on how to access the Jenkins server, check that deployments work, and add new applications.
I would expect this documentation to be around there https://wiki.jpl.nasa.gov/display/PDSEN/Developer+Guides since it is dedicated to the dev team and not available outside JPL.
Given the PDS Engineering node internal documentation
When I go to the developers' guidelines
Then I expect to find documentation for the jenkins platform and the CD on the DEV STAGING venue
...so that I can execute operations procedures in a production environment
See architecture diagram and parent Epic with related tickets for more details
Given
When I perform
Then I expect
For example in this page: https://pds-jenkins.jpl.nasa.gov/job/Registry/356/execution/node/49/log/
@nutjob4life knows how to do that, @sjoshi-jpl has access to NGAP.
Based upon NASA-PDS/template-repo-python#5 and https://github.com/NASA-PDS/pds-template-repo-java, let's:
See https://github.com/NASA-PDS/validate or https://github.com/NASA-PDS/registry-api-service for example java repos
Yes - I've already checked
Other developers or testers, mostly.
...so that I can deploy PDS EN docker images on my MacBook with an M1 chip.
This needs to be implemented in the CICD.
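One way the CICD could produce M1-compatible (arm64) images, assuming the builds move to Docker Buildx; the action versions and image name here are illustrative, not the current workflow:

```yaml
# Sketch: emulate and build for both amd64 and arm64 (arm64 covers Apple M1).
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/build-push-action@v3
  with:
    platforms: linux/amd64,linux/arm64
    push: true
    tags: nasapds/example-service:latest   # illustrative image name
```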
Given
When I perform
Then I expect
See sub-tasks for next steps
For deployment on NGAP now.
Components to terraform:
Sometimes the version of the application is hardcoded in the Dockerfile, which requires updating it (and not forgetting to do so) whenever a new stable release is made.
We would like the version to be an argument of the docker build command that Roundup can manage, so as to simplify the life of the release manager.
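A hedged sketch of what such a step could look like (the step name, image name, context path, and version source are assumptions; it presumes the Dockerfile declares ARG VERSION):

```yaml
# Hypothetical workflow step; assumes the Dockerfile declares ARG VERSION.
- name: Build release image
  run: |
    docker build \
      --build-arg VERSION=${{ github.ref_name }} \
      -t nasapds/some-service:${{ github.ref_name }} docker/
```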
The GitHub Actions Blog reminds us that using ::set-output (and ::save-state) is deprecated for security reasons, and to use echo "NAME=VALUE" >> $GITHUB_OUTPUT instead. (I don't think we're using ::save-state at all.)
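The migration is mechanical; this snippet shows the before and after (the version value is a placeholder, and outside a runner we default $GITHUB_OUTPUT to a temp file so the snippet still runs):

```shell
# Deprecated form (wrote a workflow command to stdout):
#   echo "::set-output name=version::1.2.0"
# Replacement: append to the file GitHub Actions exposes as $GITHUB_OUTPUT.
GITHUB_OUTPUT="${GITHUB_OUTPUT:-$(mktemp)}"
echo "version=1.2.0" >> "$GITHUB_OUTPUT"
cat "$GITHUB_OUTPUT"
```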
The repositories that this may affect include: